Security

Last updated: 2016-08-31

We know that every visual you create and the content it contains is extremely important to you and your business,
and we're very protective of it. This document highlights some of the layers of protection built into
Vizzlo's architecture to ensure your data stays yours.

Physical and Environmental Security

All your data is stored in a highly secure data center in Europe, run by Amazon Web Services (AWS). Data center
access is limited to a few selected technicians and is not possible even for Vizzlo staff. AWS data centers are
equipped with state-of-the-art fire suppression, power and climate controls.

System Security

Vizzlo's systems utilize highly customized versions of the Xen and KVM hypervisors, enabling paravirtualization
for Linux hosts. Paravirtualization enforces strict instance isolation and provides stronger security separation
between instances on the same hardware. A firewall resides within the hypervisor layer, between the physical
network interface and the instance's virtual interface, providing maximum protection against attacks from inside
the network.

As hypervisor guest systems, patched and hardened versions of the Linux operating system are used for the
application, web, and database servers. Administrative access to these systems is only possible using public key
authentication. All outside communication of these systems, as well as internal communication between them,
is encrypted using transport-level security at all times.

Data Security and Backups

Vizzlo makes use of the following Relational Database Service (RDS) features to ensure data security at all costs:
Multi-AZ hosting is used for the application, web, and database layers to protect against complete data center
outages. Vizzlo database instances are automatically software-patched by RDS and isolated from other database
instances using the same mechanisms described above.

Automatic database snapshots are taken and stored securely in AWS's block storage system for a maximum of seven
days to allow for rolling back in case of software or configuration errors. Access to these backups is restricted
to Vizzlo management only.

Communication Security

All data exchanged with Vizzlo is always transmitted over TLS using only state-of-the-art, secure cipher suites.
This is also true for the communication between different machines inside our network. Vizzlo makes use
of HTTP Strict Transport Security (HSTS) to protect against protocol downgrade and cookie hijacking attacks. Our
software takes active measures against known web application vulnerabilities, such as cross-site scripting and
cross-site request forgery.

Employee Access

No Vizzlo employee will ever access your data unless required for support reasons. Support staff does not have the
ability to sign into your account, edit your documents, or even view your documents if they are marked as private.

Password Security

Passwords are stored in the database only as one-way hashes computed with the 'bcrypt' algorithm, which is the
state-of-the-art protection against brute-force attacks and attacks with rainbow tables. Login credentials are, like all
communication with our systems, always sent over encrypted connections. No passwords are ever logged on our
systems.

Credit Card Security

Your full credit card information is never seen by, nor stored on, Vizzlo's systems at any time. Only our billing
& invoicing service, as well as the selected payment processing gateway, will ever be able to see and store your
cardholder data to make recurring transactions. To protect our customers' data, we only work with partners that
have been audited by a PCI-certified auditor and are certified to PCI Service Provider Level 1. This is the most
stringent level of certification available in the payments industry. To learn more about the PCI compliance of
our partners, please see https://www.chargebee.com/security/ and https://stripe.com/docs/security/stripe.